Trezor investigates phishing attack, 66k users vulnerable

Hardware wallet company Trezor released a statement on a recent security incident, saying an unauthorized entity accessed its third-party support ticket portal.

According to a Trezor blog entry, about 66,000 users had their contact information leaked during the phishing attack. Per the hardware wallet manufacturer, the victims may include customers who have interacted with Trezor’s support team since the end of 2021. 

Nonetheless, Trezor — launched in 2013 by Czech Republic-based tech firm Satoshi Labs — emphasized that no digital assets were compromised during the attack. 

The startup promised to investigate the matter while working closely with the third-party service provider. It has also sent emails to all the affected contacts with the details of the incident.

Although unconfirmed, we consider it our responsibility to inform our affected users of the possibility of their contact details having been exposed, and at risk of a phishing attack. Acting out of an abundance of caution and a commitment to transparency, we have emailed all of the 66,000 contacts, alerting them to the scope of the incident. 

Trezor Security Team

This isn’t the first breach for Trezor. Unciphered claimed to have hacked its Trezor T model back in October 2023. To crack the wallet, the cybersecurity firm reportedly used a vulnerability that involved physically dismantling the device using special tools

However, Unciphered said that for the exploit to occur, the attacker would have to physically possess the wallet, the specialized tools, and knowledge of their “in-house exploit” method. 

The cybersecurity firm later announced that Trezor had taken necessary precautions to address the vulnerability, and no one could breach the wallet’s latest firmware.

Last year, a crypto investor fell victim to a fake hardware wallet scam that saw them lose about 1.33 Bitcoin (BTC). The fake wallet is said to have looked exactly like an original Trezor wallet, and the victim bought it from a trusted seller, according to a Kaspersky report. 

When inserted into a computer, the wallet reportedly showcased firmware and bootloader versions 2.4.3 and 2.0.4, respectively.

From Github’s records, Trezor had pulled down release plans for the versions, stating the product was compromised, and the market was filled with fakes.

Follow Us on Google News

Source: https://crypto.news/trezor-investigates-phishing-attack-66-thousand-users/